Researchers have discovered new “highly malleable and highly sophisticated” malware from a Chinese state-backed hacking group, according to the threat intelligence team at Palo Alto Networks' Unit 42.
Why it matters: The malware “stands out in its own class in terms of being one of the most sophisticated, well-designed, and hard-to-detect shellcode samples used by an advanced persistent threat (APT),” according to Unit 42.
- The malware, which Unit 42 has dubbed “BendyBear,” bears some resemblance to the “WaterBear family of malware” (hence the bear in the name), which has been associated with BlackTech, a state-linked Chinese cyber espionage group, Unit 42 writes.
Background: BlackTech has been active since at least 2013, according to Symantec researchers.
- BlackTech has historically focused primarily on intelligence targets in Taiwan, as well as some in Japan and Hong Kong.
- The group has targeted both private sector and foreign government entities, including in the “consumer electronics, computing, healthcare and finance industries,” Trend Micro researchers said.
- Trend Micro also previously assessed that “BlackTech campaigns are likely designed to steal their target’s technology.”
Go deeper: According to Symantec researchers, a BlackTech espionage campaign that began in 2019 also targeted “organizations in the media, construction, engineering, electronics and finance sectors” in Taiwan, Japan, the United States and China.